Recently, information leakage prevention is a issue for businesses from a compliance point of view. Therefore, many companies store contents of in-house e-mails and attached files, which can cause information leakage, under strict control. As a technique to store the contents and attached files of e-mails, a function is known that is provided in a mail server relaying e-mails and automatically stores all of the contents and the attached files of the e-mails relayed in the mail server (for example, refer to Japanese Laid-open Patent Publication No. 2008-245229).
Such a mail server requires a huge amount of storage capacity for its function of storing all of the contents and the attached files of the e-mails relayed therein. However, when information leakage via an e-mail occurs, an administrator can know the content of the e-mail having caused the information leakage because all of the contents and the attached files of e-mails are stored in the mail server.
Another technique is known that a client computer provided with a mail wrong transmission monitor notifies a user of possibility of wrong transmission based on determination performed by the mail wrong transmission monitor on possibility of wrong transmission (for example, refer to Japanese Laid-open Patent Publication No. 2006-235949).
If a malicious user transmits an e-mail by using another mail server having no mail content storage function for the purpose of keeping out of the administrator's monitoring, the mail server has no way to store the content and the attached file of the e-mail of the malicious user. As a result, the administrator also has no way to know the content and the attached file of the e-mail of the malicious user. If information leakage via the e-mail is exposed, it is difficult for the administrator to identify the content of the e-mail having caused the information leakage, and the administrator is likely to fall behind in addressing the information leakage after the information leakage is exposed.
Although the mail server can store the contents and the attached files of e-mails, it is difficult for the mail server to acquire operation logs when the e-mails are transmitted. Thus, it is difficult for the administrator to identify a transmission log that is evidence of the information leakage. As a result, it is difficult for the administrator to identify the origin of the e-mail having caused the information leakage, and the administrator is likely to fall behind in addressing the information leakage.
The technique disclosed in Japanese Laid-open Patent Publication No. 2006-235949 can determine possibility of wrong transmission before an e-mail is transmitted to a server. However, the technique disclosed in Japanese Laid-open Patent Publication No. 2006-235949 cannot monitor e-mails for the purpose of information leakage prevention or make necessary information available in case of future information leakage.